Air Force’s cyber commander says Iran is next big ’Net menace

Iran seen as growing threat after Stuxnet; Air Force wants more cyberwarriors.

General William Shelton, commander of the US Air Force Space Command, told reporters in a press briefing for the Defense Writers Group that he believes Iran's growing "cyber" capabilities will be a "force to be reckoned with," thanks in part to Iran's response to the Stuxnet attacks on its nuclear facilities in 2010.

"It's clear that the Natanz situation generated reaction by them," Shelton told reporters, referring to the nuclear facility where Stuxnet crippled centrifuges. "They are going to be a force to be reckoned with, with the potential capabilities that they will develop over the years and the potential threat that will represent to the United States."

Shelton, who oversees the Air Force's own cyberwarfare operations, the 24th Air Force, is pushing for more expansion of Air Force communications. Current plans from the Defense Department's Cyber Command—the joint command responsible for coordinating the military's offensive and defensive network operations—call for an additional 1,000 civilian employees to the Air Force's network operations and security workforce over the next two years. The Air Force's "cyber professionals" currently number about 6,000.

"Cyber Command is in the midst of determining how they are going to operate across all the geographic combatant commands as well as internal to the United States," Shelton told journalists, "and it looks like we will be tapped for well over 1,000 additional people into the cyber business."

Space Command's cyber arm is focused on operating and defending the Air Force's own networks, as well as exploiting and attacking those of adversaries. Policies are still being formed around how to use these capabilities, Shelton said. "I call [cyber] the Wild West because you can be anywhere and do anything and be effective," Shelton said. "All you need is an Internet connection, the right skills and a laptop and you're in the game."

Because the Air Force's area of responsibility, based on DoD Doctrine, is the "Air, Space, and Cyberspace theaters". Probably because the Air Force has a higher intelligence requirement for entry (that isn't even trying to be a jab at the other branches, Every AFSC (job) in the Air Force requires higher ASVAB scores than its counterparts in the other branches of the military, as well as base score to qualify to join).

The air force is mostly people sitting at computers anyway, so of all the branches it fits there the best (we don't need yet another branch). I imagine they got it in the first place because they are in charge of communications and satellites, and at this point there would be a big mess trying to move it somewhere else.

Its somewhat arbitrary, but a convincing enough argument was made that there are organizational and operational parallels between delivering things like satellite services, bombs, and missiles anywhere on the globe and delivering services and attacks globally via networks. All the services still have organizations with cyber responsibilities, so its not completely Air Force only.

I call [cyber] the Wild West because you can be anywhere and do anything and be effective, all you need is an Internet connectionyour target to leave vital systems connected to the internet, the right skills and a laptop and you're in the game.

Fixed that for the General. Hitting air-gapped targets like Natanz takes quite a bit more planning and resources than a Macbook and a Wi-Fi hotspot.

Marginalizing the "cyber" threats against the U.S. for dated vocabulary or by assuming the superiority of our systems is a mistake. The enemies are real and they are not ill prepared. General Shelton is on point here, and not just making noise for funding or expansion of his command.

Wait so because Iran was attack by a (possibly US sponsored) nasty virus and has had to endure other cyber attacks against it that now the US needs to be concerned because they are developing ways and means to defend and possibly strike back?

Did no one think of this before deciding to to declare cyber-war on Iran?

Big Wang, I agree with Arlondiluthel. No facts were provided, so all I saw was a strongly held opinion. And, more disagreeably, an 'America is always the bad guy' opinion. That general attitude is objectionable.

This is so funny as to be sad. So the country that the US launched a successful cyber attack on, damaging their enrichment facilities and actually getting them shut down for a period of time, THIS is the country they are going to hold up as the cyber boogie man?

This is so funny as to be sad. So the country that the US launched a successful cyber attack on, damaging their enrichment facilities and actually getting them shut down for a period of time, THIS is the country they are going to hold up as the cyber boogie man?

Farcical.

It isn't. Iran is in a position where their best ability to "strike back" is through cyber attacks. So what do you think they are going to hone in on as a response strategy?

Plenty of US infrastructure is sitting fat and happy and wide open.

Even a single pretty good hacker could probably do some serious damage if so inclined. It doesn't take anything on the sophistication scale of Flame or Stuxnet to cause some serious harm.

There really is an easy fix for this though... Convince the countries hosting the distant ends to Iran's connection to the greater Internets to disconnect Iran from the rest of the world, then they can't launch cyber attacks on anyone. Then again, they've pissed off their neighbors enough times over the years I'm surprised that hasn't already happened.

This is such a crock. Nevermind Russia, China, or several other states.

When is this hard-on for Iran gonna stop? This is part case-building against Iran for war. Yes, I agree they're not fuzzy kittens and are trying to develop nukes. They've also been of interest to US oil interests for DECADES.

I love my country and served it nearly a decade, but a lot of this bullshit needs to stop.

Probably because the Air Force has a higher intelligence requirement for entry (that isn't even trying to be a jab at the other branches, Every AFSC (job) in the Air Force requires higher ASVAB scores than its counterparts in the other branches of the military, as well as base score to qualify to join).

Yeah, keep telling yourself that.

Edit for clarity. No, the Air Force does not have the highest "intelligence" requirement for entry. An ASVAB score doesn't measure your intelligence, it measure whether or not you're at the level of a person that slept their way through middle school and then barely graduated high school. Any half awake 10th grader could just about ace that test if they put in minimal effort. Besides, the barrier to entry is an overall score of 45 for the USCG, while it's 40 for the USAF. The rest are a mere 5 points behind the Air Force and the Marines 8 points for a minimum of 32. The Air Force on average isn't more intelligent or more demanding on the brain than any other branch, they're just more selective who they want making dents in office chairs and overspending the DoD budget on shit we'll never need. Like the F-22 for example. Or this ridiculous boogeyman bullshit. About the only thing the US Air Force is good at, as a military branch, is doing much less with much more than the rest of the military. Hell, they don't even make their own beds. I don't trust people that can't be bothered to make their own beds and instead use DoD funds to employ someone to change their sheets for them.

Yes. In the information security field people who use the term "cyber" are usually looked down upon as buzzword whores, charlatans, ignorant, and a joke.

I see "cyber" a lot in policies and regulations that began outside the IT sphere. Get used to it, because it's and accepted term (and it's not a bad one, really). "Cyber security" especially is very much a thing in a lot of industries.

Why not just say "Since we launched a cyber attack on Iran, we can probably expect one in return"?

I thought the US armed forces undertook "lessons learned" reviews after each conflict, but it seems that a few lessons have been missed. Invade a country unilaterally? Check. Piss off the supporters of one of the world's largest religions by acting as if they are all terrorists? Check. Selling arms to the enemy of my enemy, without noticing that he's my enemy? Check. Torture is bad unless I do it? Check.

Because the USAF is de facto the military's IT dept. Because the Army and the Marines are grunts with guns. They are VERY good at things they do, but computers isn't one of those things. Navy could have the talent, but they are hardly in a position to get involved from what their mission parameters are.

Navy and USAF = smart techs

Army and Marines = would not trust them with a login into an Ethernet switch.

We have no choice but continue countering hacks from large powerful countries like China and Russia. There's nothing we can do against that, other than tighten the defenses (technology and training go hand in hand here) and maybe hack them back.

A little country, especially one already on our shit list like Iran, they just may lose their main Internet hub to a cruise missile or a B2 attack.

Yes. In the information security field people who use the term "cyber" are usually looked down upon as buzzword whores, charlatans, ignorant, and a joke.

I see "cyber" a lot in policies and regulations that began outside the IT sphere. Get used to it, because it's and accepted term (and it's not a bad one, really). "Cyber security" especially is very much a thing in a lot of industries.

You're right, it's being accepted by journalists, bureaucrats, grandparents, and eventually everyone...Still makes me feel dirty to say it though.

Are you really going to take someone who writes "Cyber Warrior" on their resume seriously though? Or would you rather someone who says "Information Security Professional". I'm pretty sure if I ever shook hands with someone and they described themselves as a "Cyber Warrior" that I would burst out laughing.

I'd be much more happy if it were "Never get in a land war that isn't less than 500 miles of the United States borders; also, stay out of other peoples business unless it involves genocide. Then work with that continents countries for giving aid."

Sure would cut down on the bullshit we are going through now. It's amazing that not one politician ever sees out situation as the bully that goes around kicking over sand castles, threatening to beat up kids for their lunch money, and then get surprised when one kid decides he's had enough and flattens the bully in front of everyone. About 100% of our current problems are caused by our history of fucking with other countries in some way, and now the chicken is coming home to roost. You reap what you sow, and we've done more than our fair share of reaping in the last 100 years.

Because the USAF is de facto the military's IT dept. Because the Army and the Marines are grunts with guns. They are VERY good at things they do, but computers isn't one of those things. Navy could have the talent, but they are hardly in a position to get involved from what their mission parameters are.

Navy and USAF = smart techs

Army and Marines = would not trust them with a login into an Ethernet switch.

Your name fits this comment very well. An office full of morons, though I doubt you're not one of them. I'd chalk this comment up to extreme ignorance mostly, but there's a splash of pure stupidity in there somewhere.

I work in civilian IT now, for a small defense contractor. I've worked with military techs lately and I stand by what I said. Also my best buddy was a Navy tech on the Nimitz for 4 years. (Yeah they typically get 1 year at sea, he got 4 consecutive.) He told me the same thing.

I could have been all PC and shit, and worded my reply differently. But why mince words? They mean what they mean. I always talk straight.

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.